What is the Smart Grid?



» Current infrastructure
» Future infrastructure

What Makes up the Smart Grid?



» Devices

» Network infrastructure

» Bi-directional communication

Problems



» Physical security

» Bi-directional communication introduces attack vectors

» Same problems as every other type of network/application



fyrmassociates.com 



Implications



» Google Maps art
» Denial-of-Service
» Electricity theft

Security Initiatives

» The Energy Independence and Security Act of 2007 

» NIST Interoperability Framework 

» Advanced Metering Infrastructure (AMI) System Security Requirements v1.01



» Critical Electric Infrastructure Protection Act (CEIPA) - (HR 2195)

Fluffy



» Using security fluff words to make people feel warm and 
fuzzy 



» CIA

» Security integration from the beginning

Timeline - Part I



» Examples of integrating security from the beginning (2007 - 2009):
  » Energy Independence and Security Act of 2007
  » NIST Smart Grid Interoperability Framework
    » Initial list of standards for inclusion in version 1.0 released on May 8, 2009
  » Advanced Metering Infrastructure (AMI) System Security Requirements v1.01
    » 2007 - 2008
  » Critical Electric Infrastructure Protection Act (CEIPA) - (HR 2195)
    » 2009

Timeline - Part II

» Design and implementation of the smart grid

» 2002 actually occurred before 2007

» Austin - 2002

» Salt River Project - 2006

History Repeating



» PCI DSS
» "Self-policing" and SAQs

» NERC and FERC
» NERC and FERC - Aurora vulnerability
» NERC - Utilities under reporting

Proven Track Record

» Eight Web Sites

» Authentication over clear-text protocols

» Cross Site Scripting

» Information Leakage
» What amount of security is in a name?

Duck and Cover?



» Opportunity missed at the beginning, but we can still do 
some good 

» Allow security to mature 

» More stringent security requirements 

» Compliant vs. Secure 
» Tighter regulation 

» Innovation vs. Security/Renovation 

Questions?



» If we run out of time:
» I'll be here until Sunday evening
» Email me: tony.flick@fyrmassociates.com